
Help me with a Trojan Gen 2 infection, and Slow Firefox, PLEASE!!!


30 replies to this topic

#1 Hercules40

Posted 05 February 2013 - 03:11 PM

  • I have Norton Security Suite version 3.8.3.6. The Software was provided by my ISP, Comcast (now known as Xfinity).
  • The software is set to scan 4 times a week and is updated continuously.
  • I am behind a Linksys router and a software firewall.
  • I run Malwarebytes Anti-Malware on a regular basis.
  • I also run Spybot Search and Destroy on a regular basis.
  • I also occasionally, for peace of mind, will run some free anti-virus like Avast or AVG or Kaspersky Labs.

Now for the problems: A few months ago (August last year?), I noticed Firefox (I very rarely use IE for anything), being extremely SLOW to load. Also, extremely slow when switching tabs, and so on. Mind you, I am only on a 3.0 Mbps connection, but still, sometimes it feels like dial-up. Then the PC was shut down for over a month in January while I was away and when I came back and turned it back on and updated everything I started seeing a Norton Anti-Virus pop-up stating: "That Trojan Gen 2 was detected and stopped". Apparently, this message has been there since October?

Here's one of the files infected:

"C:\documents and settings\mike\application data\winlive\winlive.dll"

The other one is:

"C:\documents and settings\mike\application data\mcommon\windowsliveupdate.exe"

And one more:

"C:\documents and setting\mike\local settings\application data\mozilla\firefox\profiles\wwqyt5a1.default\cache\5\7c\3ad17d01"


And since the pop-ups appeared, the PC is slower than molasses, and Firefox is REALLY, REALLY SLOW.

On my network, which consists of the occasional work laptop (which is highly locked-down and is not connected to the Workgroup I have created), I also have two TiVos, a Nook, another occasional tablet and an occasional visiting smart phone (it hasn't visited in 6 months). My wife's laptop is the other Workgroup PC.

I am having trouble with Firefox on the wife's laptop as well (as in how slow it is to come-up and respond to commands etc.) But the laptop, for now, is not as slow as the PC, and has not given us any messages.

When I loaded Chrome on the PC (main computer / main problem), I could not get it to work properly, with all the apps I needed (such as Ad-blocking software) so I am wondering if something is inhibiting it.

So, my findings so far: Am I as knowledgeable as the people I am asking help from? [bleep] no. I am finding out I know nothing. Yes, I've been a PC technician for 15 years, but that means nothing when faced with something like this. I am missing something OR I am not seeing something in "HijackThis" logs. Last run of Spyware Search and Destroy found some minor search bars, but I am guessing those are my recent fault when I got duped by an advert for "Speed Up My PC". They're now gone. And as I've said, Malwarebytes Anti-Malware came-up empty in FULL SCAN mode and Quick SCAN mode. I also run Hitbox which found some tracking cookies on my wife's side of the PC (her account -- she does not surf on the admin account, or in my account for security purposes.)

A couple more pieces of info:
  • I am on Windows XP SP3 (completely patched). -- This is an older DELL Dimension 4700 (it does the job for what I Do with it).
  • Norton Power Eraser (what Symantec recommended) found nothing after a scan
  • Back, after the October Windows XP patch went out, my computer crashed... It did not like something in that patch. I had to go back and use System Restore. However, after the System Restore, I re-patched and everything "seemed" to be ok, except the slowness of everything crept-up by a factor of 10.

So, do I need to re-install? I have a copy of Windows 7 that I have been holding onto for a new PC build, OR can this machine be cleaned?

Can anyone help me?

PS. If this machine is infected and needs to be cleaned, I might need help cleaning the other one as well, the wife's laptop.

Thanks for your help AHEAD of time. Thanks for taking up my case.


 


#2 boopme


Posted 07 February 2013 - 09:42 PM

Hello, let's try these first.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.

 

>>>

 

ADW Cleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

>>>>

 

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.


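Three of the MiniToolBox sections requested above (FF Proxy Settings, Hosts content, Winsock entries) can be checked mechanically once Result.txt is available. The following is an added example, not part of the original post and not MiniToolBox's own code; the section banners and line shapes follow the Result.txt posted in this thread, and the sample values (203.0.113.10, update.example.test, www.blocked.example, examplelsp.dll) are constructed.

```python
import ipaddress
import re

# Section banner in Result.txt, e.g. "========= Hosts content: ========="
BANNER = re.compile(r"^=+\s*([^=]+?)\s*:?\s*=+\s*$")
FF_TYPE = re.compile(r'^"network\.proxy\.type",\s*(\d+)$')
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")

# Meaning of Firefox's network.proxy.type preference values.
FF_PROXY_TYPES = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "proxy auto-config URL",
    4: "auto-detect proxy settings",
    5: "use system proxy settings",
}

# Constructed sample in the layout of the log in this thread (values invented).
SAMPLE = r"""
========================= FF Proxy Settings: ==============================

"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1    www.blocked.example
203.0.113.10    update.example.test

There are 15266 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\ExampleLSP\examplelsp.dll [40960] ()
"""


def split_sections(text):
    """Map lower-cased section name -> list of non-empty, stripped lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1).lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Flag names mapped to anything other than loopback or 0.0.0.0.

    Loopback entries are block entries (the kind immunization tools add);
    a name pointed at a routable address is a redirect worth reviewing.
    """
    findings = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry, e.g. the "There are N more lines" note
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.extend(f"hosts: {name} -> {addr}" for name in parts[1:])
    return findings


def check_firefox_proxy(lines):
    """Flag an explicit proxy (manual or PAC) set in the Firefox profile."""
    findings = []
    for line in lines:
        match = FF_TYPE.match(line)
        if match and int(match.group(1)) in (1, 2):
            value = int(match.group(1))
            findings.append(
                f"firefox: network.proxy.type={value} ({FF_PROXY_TYPES[value]})")
    return findings


def check_winsock(lines):
    """Flag Winsock catalog entries whose vendor is not Microsoft."""
    findings = []
    for line in lines:
        match = WINSOCK.match(line)
        if match and match.group(5) != "Microsoft Corporation":
            catalog, index, path, _size, vendor = match.groups()
            findings.append(
                f"winsock: {catalog} {index} {path} vendor={vendor or '(none)'}")
    return findings


def triage(text):
    """Run all three checks over a Result.txt and return the findings."""
    sections = split_sections(text)
    return (check_hosts(sections.get("hosts content", []))
            + check_firefox_proxy(sections.get("ff proxy settings", []))
            + check_winsock(sections.get("winsock entries", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding here is a prompt to look closer, not a verdict: a manual proxy or a third-party Winsock provider can come from software the user installed deliberately.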

#3 Hercules40


Posted 08 February 2013 - 07:38 PM

(1) Starting with MiniToolbox Results:

MiniToolBox by Farbar  Version:10-01-2013
Ran by Mike (administrator) on 08-02-2013 at 18:10:28
Running from "C:\Documents and Settings\Mike\My Documents\My Downloads\MiniToolbox"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com

There are 15266 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "{5885102E-9902-4434-8699-2505201A5994}"

set address name="{5885102E-9902-4434-8699-2505201A5994}" source=dhcp
set dns name="{5885102E-9902-4434-8699-2505201A5994}" source=dhcp register=PRIMARY
set wins name="{5885102E-9902-4434-8699-2505201A5994}" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : papag06

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-13-20-6B-FA-69

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.101

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 75.75.75.75

                                            75.75.76.76

        Lease Obtained. . . . . . . . . . : Friday, February 08, 2013 7:33:31 AM

        Lease Expires . . . . . . . . . . : Saturday, February 09, 2013 7:33:31 AM



Ethernet adapter Local Area Connection 2:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2

        Physical Address. . . . . . . . . : 00-50-BA-4D-38-78



Ethernet adapter {5885102E-9902-4434-8699-2505201A5994}:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : TAP VPN Adapter - Packet Scheduler Miniport

        Physical Address. . . . . . . . . : 00-FF-58-85-10-2E

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  173.194.37.46, 173.194.37.38, 173.194.37.36, 173.194.37.34
      173.194.37.33, 173.194.37.32, 173.194.37.41, 173.194.37.40, 173.194.37.35
      173.194.37.37, 173.194.37.39



Pinging google.com [173.194.37.38] with 32 bytes of data:



Reply from 173.194.37.38: bytes=32 time=26ms TTL=54

Reply from 173.194.37.38: bytes=32 time=19ms TTL=54



Ping statistics for 173.194.37.38:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 19ms, Maximum = 26ms, Average = 22ms

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=91ms TTL=50

Reply from 98.138.253.109: bytes=32 time=79ms TTL=50



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 79ms, Maximum = 91ms, Average = 85ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 6b fa 69 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 50 ba 4d 38 78 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
0x10005 ...00 ff 58 85 10 2e ...... TAP VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0    192.168.1.101   192.168.1.101      20
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101      20
    192.168.1.101  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.101   192.168.1.101      20
        224.0.0.0        240.0.0.0    192.168.1.101   192.168.1.101      20
  255.255.255.255  255.255.255.255    192.168.1.101           10005      1
  255.255.255.255  255.255.255.255    192.168.1.101   192.168.1.101      1
  255.255.255.255  255.255.255.255    192.168.1.101               3      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/07/2013 07:44:06 PM) (Source: Microsoft Office 11) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.

Error: (02/07/2013 07:37:03 PM) (Source: TivoTransfer) (User: )
Description: TiVoTransfer already run!

Error: (02/07/2013 05:58:19 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 2/7/2013 11:58:18 PM
Message: The activation has been paused and it's been delayed until the application is closed.
Severity: Error
Process Id: 5472
Win32 Thread Id: 1856

Extended Properties:
Exception - Microsoft.ApplicationBlocks.Updater.Activator.ActivationPausedException: The activation has been paused and it's been delayed until the application is closed.
   at Microsoft.ApplicationBlocks.Updater.ActivationProcessors.WaitForApplicationExitProcessor.PrepareExecution()
   at Microsoft.ApplicationBlocks.Updater.Activator.ActivationManager.Activate(UpdaterTask task)

Error: (02/03/2013 03:00:53 PM) (Source: TivoTransfer) (User: )
Description: TiVoTransfer already run!

Error: (02/03/2013 10:49:18 AM) (Source: TivoTransfer) (User: )
Description: TiVoTransfer already run!

Error: (01/31/2013 02:31:25 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 1/31/2013 8:31:24 PM
Message: The activation has been paused and it's been delayed until the application is closed.
Severity: Error
Process Id: 536
Win32 Thread Id: 2092

Extended Properties:
Exception - Microsoft.ApplicationBlocks.Updater.Activator.ActivationPausedException: The activation has been paused and it's been delayed until the application is closed.
   at Microsoft.ApplicationBlocks.Updater.ActivationProcessors.WaitForApplicationExitProcessor.PrepareExecution()
   at Microsoft.ApplicationBlocks.Updater.Activator.ActivationManager.Activate(UpdaterTask task)

Error: (01/31/2013 09:02:19 AM) (Source: TivoTransfer) (User: )
Description: TiVoTransfer already run!

Error: (01/26/2013 02:58:15 PM) (Source: Application Error) (User: )
Description: Fault bucket 2010035503.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (01/26/2013 02:56:12 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0ac4c260.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/19/2013 10:22:15 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (02/08/2013 04:31:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/08/2013 01:49:53 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/08/2013 11:31:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/08/2013 06:31:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/08/2013 01:31:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/07/2013 08:31:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/07/2013 07:46:35 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2013 07:44:10 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/07/2013 07:40:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (02/07/2013 07:40:17 PM) (Source: Service Control Manager) (User: )
Description: Timeout (120000 milliseconds) waiting for the Windows Live ID Sign-in Assistant service to connect.


Microsoft Office Sessions:
=========================
Error: (02/07/2013 07:44:06 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office Word

Error: (02/07/2013 07:37:03 PM) (Source: TivoTransfer)(User: )
Description: TiVoTransfer already run!

Error: (02/07/2013 05:58:19 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 2/7/2013 11:58:18 PM
Message: The activation has been paused and it's been delayed until the application is closed.
Severity: Error
Process Id: 5472
Win32 Thread Id: 1856

Extended Properties:
Exception - Microsoft.ApplicationBlocks.Updater.Activator.ActivationPausedException: The activation has been paused and it's been delayed until the application is closed.
   at Microsoft.ApplicationBlocks.Updater.ActivationProcessors.WaitForApplicationExitProcessor.PrepareExecution()
   at Microsoft.ApplicationBlocks.Updater.Activator.ActivationManager.Activate(UpdaterTask task)

Error: (02/03/2013 03:00:53 PM) (Source: TivoTransfer)(User: )
Description: TiVoTransfer already run!

Error: (02/03/2013 10:49:18 AM) (Source: TivoTransfer)(User: )
Description: TiVoTransfer already run!

Error: (01/31/2013 02:31:25 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 1/31/2013 8:31:24 PM
Message: The activation has been paused and it's been delayed until the application is closed.
Severity: Error
Process Id: 536
Win32 Thread Id: 2092

Extended Properties:
Exception - Microsoft.ApplicationBlocks.Updater.Activator.ActivationPausedException: The activation has been paused and it's been delayed until the application is closed.
   at Microsoft.ApplicationBlocks.Updater.ActivationProcessors.WaitForApplicationExitProcessor.PrepareExecution()
   at Microsoft.ApplicationBlocks.Updater.Activator.ActivationManager.Activate(UpdaterTask task)

Error: (01/31/2013 09:02:19 AM) (Source: TivoTransfer)(User: )
Description: TiVoTransfer already run!

Error: (01/26/2013 02:58:15 PM) (Source: Application Error)(User: )
Description: 2010035503

Error: (01/26/2013 02:56:12 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.00ac4c260

Error: (01/19/2013 10:22:15 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
AC3Filter 1.63b (Version: 1.63b)
Acrobat.com (Version: 2.0.0)
Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Amazon MP3 Downloader 1.0.10
Any Video Converter 3.3.8
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 4
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
Avery Wizard 3.1 (Version: 3.1.5)
avi.NET 3.5.1.0
AviSubtitler v2.02
AviSynth 2.6 (Version: 2.6.0.2)
AviSynth Batch Scripter 1.0.1
AVStoDVD 2.5.1 (Version: 2.5.1)
Belarc Advisor 8.1
Belkin Network USB Hub Control Center (Version: 1.4.0)
Beyond Compare Version 2.2.7
Bonjour (Version: 3.0.0.10)
BTGuard 2.4
BTGuard 2.5
calibre (Version: 0.9.11)
CCExtractor (Version: 0.59.0)
CCleaner (Version: 3.27)
Click-N-Ship for Business® (Version: 4.1.166.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Data Lifeguard Diagnostic for Windows 1.24
Defraggler (Version: 2.10)
Devart Code Compare 2.70.7 (Version: 2.70.7)
DirectVobSub 2.41.4830 (Version: 2.41.4830)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.22)
DivX Version Checker (Version: 7.1.0.2)
Driver Sweeper 2.1.0
Dropbox (Version: 1.4.7)
EPSON Scan
EPSON Web-To-Page
EPSON WorkForce 500 Series Printer Uninstall
EVGA Precision 2.0.2 (Version: 2.0.2)
Exact Audio Copy 1.0beta3 (Version: 1.0beta3)
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
File Uploader (Version: 1.2.5)
FileASSASSIN (Version: 1.06)
FormatFactory 2.95 (Version: 2.95)
Free YouTube Downloader 3.5.128
Garmin City Navigator North America NT 2010.10 Update (Version: 13.0.0.0)
Garmin Communicator Plugin (Version: 2.6.4)
Garmin MapSource (Version: 6.16.3)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
Google Drive (Version: 1.7.4018.3496)
Google Gears (Version: 0.5.3600)
Google Talk Plugin (Version: 3.13.2.11592)
Google Update Helper (Version: 1.3.21.123)
Haali Media Splitter
HandBrake 0.9.8 (Version: 0.9.8)
ImgBurn (Version: 2.5.7.0)
Inkscape 0.47 (Version: 0.47)
Intel® PRO Network Connections Drivers
iPhone Configuration Utility (Version: 2.1.0.163)
iSEEK AnswerWorks English Runtime (Version: 009.000.0002)
iTunes (Version: 11.0.1.12)
IZArc 4.0 beta 1 (Version: 4.0 Build 1760)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Matroska Pack
MatroskaProp (remove only)
MediaInfo 0.7.58 (Version: 0.7.58)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Windows Theme Nunavut (Version: 1.0.0)
MKVToolNix 5.5.0 (Version: 5.5.0)
Move Media Player
Mozilla Firefox 18.0.2 (x86 en-US) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
Mozilla Thunderbird (3.1.6) (Version: 3.1.6 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MusicBrainz Picard (Version: 0.14)
myTV (Version: 2.2.0)
myTV (Version: 3.4.2)
Natural Color Pro (Version: 1.00.0005)
Network Stumbler 0.4.0 (remove only)
NetWorx 5.2.7
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
NOOK for PC (Version: 2.5.6.9575)
Norton Security Suite (Version: 3.8.3.6)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA HD Audio Driver 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Orbit Downloader
Pazera Free FLV to AVI Converter 1.5 (Version: 1.5)
Pazera Free MP4 to AVI Converter 1.5 (Version: 1.5)
Philips SPC 1300NC Webcam Driver (Version: 5.8.8.042)
Philips SPC1300NC Webcam (Version: 1.0.0.0)
Philips VLounge
Photo Story 3 for Windows (Version: 3.0.1115.11)
Picasa 3 (Version: 3.8)
Picture Control Utility (Version: 1.1.6)
PMB (Version: 5.2.00.03250)
Polipo 1.0.4.1
PowerDVD Copy 1.0
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Python 2.6.6 (Version: 2.6.6150)
Python 2.7 PIL-1.1.7
Python 2.7.1 (Version: 2.7.1150)
pyTivo wmcbrine-2009.03.19-RC1 (Version: wmcbrine-2009.03.19-RC1)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Recuva (Version: 1.44)
Roxio Content 9 (Version: 9.0.021)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Easy Media Creator 9 Suite (Version: 9.0.088)
Roxio SightSpeed (Version: 4.6)
Roxio Update Manager (Version: 6.0.0)
SABnzbd 0.6.15 (Version: 0.6.15)
Samsung ML-1740 Series
Seagate Manager Installer (Version: 2.01.0600)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.0.10297)
Skype™ 5.10 (Version: 5.10.116)
Smartparts Desktop (Version: 3.03.0000)
SopCast 2.0.4 (Version: 2.0.4)
SoundMAX (Version: 5.12.01.5246)
Speccy
Spybot - Search & Destroy (Version: 1.6.2)
Subtitle Workshop 2.51
System Requirements Lab
T2Sami (Version: 3.0.0036)
T2Sami Desktop (Version: 3.2.0072)
theRenamer 7.54
TiVo Desktop 2.8.2 (Version: 2.8.412.369)
Tor 0.2.1.30
Tunatic
TurboTax 2009
TurboTax 2009 waliper (Version: 009.000.0693)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 waliper (Version: 010.000.1332)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
TVAnts 1.0
TweetDeck (Version: 0.37.5)
TweetDeck (Version: 1.5.3)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Vidalia 0.2.12
video.NET 0.7.0.0
VideoReDo-AutoProcessor Ver. 0.87
VideoReDo Plus Version 3.10.3.616
VideoReDo TVSuite Version 4.20.7.629
VideoReDo/Plus Version 2.5.6.512
ViewNX (Version: 1.4.0)
VLC media player 2.0.5 (Version: 2.0.5)
VobSub v2.23 (Remove Only)
WD FAT32 Formatter (Version: 2.0.0)
WebFldrs XP (Version: 9.50.6513)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinMerge 2.12.4 (Version: 2.12.4)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WriteWay (Version: 1.9.2)
Xmarks for IE (Version: 127.0.154)
Xmarks Thumbnails for IE (Version: 1.0.12)
XP Codec Pack
Xvid 1.2.2 final uninstall (Version: 1.2)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2046.07 MB
Available physical RAM: 1264.64 MB
Total Pagefile: 3937.97 MB
Available Pagefile: 3036.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149 GB) (Free:46.78 GB) NTFS
4 Drive f: (LEXAR MEDIA) (Removable) (Total:0.06 GB) (Free:0.01 GB) FAT32
5 Drive g: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:95.52 GB) NTFS
6 Drive h: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:28.63 GB) NTFS
7 Drive i: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:383.52 GB) NTFS
8 Drive j: (WD Passport) (Fixed) (Total:55.86 GB) (Free:51.29 GB) FAT32
9 Drive k: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:1151.63 GB) NTFS
10 Drive l: () (Fixed) (Total:37.24 GB) (Free:23.46 GB) FAT32
11 Drive m: (WD - MUSIC) (Fixed) (Total:232.83 GB) (Free:216.64 GB) FAT32

========================= Users: ========================================

User accounts for \\PAPAG06

Administrator            ASPNET                   Guest                    
HelpAssistant            Lola                     Mike                     
SUPPORT_388945a0         


**** End of log ****
 



#4 Hercules40


Posted 08 February 2013 - 07:45 PM

(2) TDSSKiller Results:

 

 

 



18:40:47.0125 3272  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:40:47.0515 3272  ============================================================
18:40:47.0515 3272  Current date / time: 2013/02/08 18:40:47.0515
18:40:47.0515 3272  SystemInfo:
18:40:47.0515 3272  
18:40:47.0515 3272  OS Version: 5.1.2600 ServicePack: 3.0
18:40:47.0515 3272  Product type: Workstation
18:40:47.0515 3272  ComputerName: PAPAG06
18:40:47.0531 3272  UserName: Mike
18:40:47.0531 3272  Windows directory: C:\WINDOWS
18:40:47.0531 3272  System windows directory: C:\WINDOWS
18:40:47.0531 3272  Processor architecture: Intel x86
18:40:47.0531 3272  Number of processors: 2
18:40:47.0531 3272  Page size: 0x1000
18:40:47.0531 3272  Boot type: Normal boot
18:40:47.0531 3272  ============================================================
18:40:51.0531 3272  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:40:51.0578 3272  Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB5C00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:40:51.0578 3272  Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:40:55.0281 3272  Drive \Device\Harddisk3\DR5 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:40:55.0703 3272  Drive \Device\Harddisk4\DR7 - Size: 0x3D80000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:40:55.0718 3272  Drive \Device\Harddisk5\DR8 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:40:55.0734 3272  Drive \Device\Harddisk6\DR11 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:41:02.0406 3272  Drive \Device\Harddisk7\DR12 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:41:02.0437 3272  Drive \Device\Harddisk8\DR13 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:41:08.0296 3272  ============================================================
18:41:08.0296 3272  \Device\Harddisk0\DR0:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk1\DR3:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
18:41:08.0296 3272  \Device\Harddisk2\DR4:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:41:08.0296 3272  \Device\Harddisk3\DR5:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk3\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6FBFEBF
18:41:08.0296 3272  \Device\Harddisk4\DR7:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk4\DR7\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EB60
18:41:08.0296 3272  \Device\Harddisk5\DR8:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk5\DR8\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A81400
18:41:08.0296 3272  \Device\Harddisk6\DR11:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk6\DR11\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E074C1
18:41:08.0296 3272  \Device\Harddisk7\DR12:
18:41:08.0296 3272  MBR partitions:
18:41:08.0296 3272  \Device\Harddisk7\DR12\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
18:41:08.0296 3272  \Device\Harddisk8\DR13:
18:41:08.0312 3272  MBR partitions:
18:41:08.0312 3272  \Device\Harddisk8\DR13\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
18:41:08.0312 3272  ============================================================
18:41:08.0312 3272  H: <-> \Device\Harddisk1\DR3\Partition1
18:41:08.0343 3272  K: <-> \Device\Harddisk7\DR12\Partition1
18:41:08.0375 3272  M: <-> \Device\Harddisk8\DR13\Partition1
18:41:08.0406 3272  I: <-> \Device\Harddisk6\DR11\Partition1
18:41:08.0406 3272  G: <-> \Device\Harddisk2\DR4\Partition1
18:41:08.0406 3272  J: <-> \Device\Harddisk3\DR5\Partition1
18:41:08.0406 3272  L: <-> \Device\Harddisk5\DR8\Partition1
18:41:08.0406 3272  ============================================================
18:41:08.0406 3272  Initialize success
18:41:08.0406 3272  ============================================================
18:41:27.0406 3488  ============================================================
18:41:27.0406 3488  Scan started
18:41:27.0406 3488  Mode: Manual;
18:41:27.0406 3488  ============================================================
18:41:28.0484 3488  ================ Scan system memory ========================
18:41:28.0484 3488  System memory - ok
18:41:28.0484 3488  ================ Scan services =============================
18:41:32.0265 3488  ================ Scan global ===============================
18:41:32.0281 3488  [Global] - ok
18:41:32.0281 3488  ================ Scan MBR ==================================
18:41:32.0296 3488  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:41:32.0468 3488  \Device\Harddisk0\DR0 - ok
18:41:32.0468 3488  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
18:41:32.0890 3488  \Device\Harddisk1\DR3 - ok
18:41:32.0890 3488  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
18:41:33.0312 3488  \Device\Harddisk2\DR4 - ok
18:41:33.0328 3488  [ 0CF8AF38BCEDB0BC19A1C4485C4C9E66 ] \Device\Harddisk3\DR5
18:41:53.0609 3488  \Device\Harddisk3\DR5 - ok
18:41:53.0656 3488  [ 4C174FE99672B3A91FDA305D2EB1EFED ] \Device\Harddisk4\DR7
18:41:54.0546 3488  \Device\Harddisk4\DR7 - ok
18:41:54.0546 3488  [ 414FF7C52D109DA63C8AA38FF0846C4F ] \Device\Harddisk5\DR8
18:42:05.0937 3488  \Device\Harddisk5\DR8 - ok
18:42:05.0953 3488  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR11
18:42:05.0984 3488  \Device\Harddisk6\DR11 - ok
18:42:06.0000 3488  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR12
18:42:06.0000 3488  \Device\Harddisk7\DR12 - ok
18:42:06.0015 3488  [ FEFFDEDEA77250A6FCD92C304B49ACE2 ] \Device\Harddisk8\DR13
18:42:06.0031 3488  \Device\Harddisk8\DR13 - ok
18:42:06.0031 3488  ================ Scan VBR ==================================
18:42:06.0031 3488  [ C260EB58C7FEDFA17E489DDB4984DF15 ] \Device\Harddisk1\DR3\Partition1
18:42:06.0031 3488  \Device\Harddisk1\DR3\Partition1 - ok
18:42:06.0046 3488  [ 3E13ADA6483547DC990DB32F36994EF5 ] \Device\Harddisk2\DR4\Partition1
18:42:06.0046 3488  \Device\Harddisk2\DR4\Partition1 - ok
18:42:06.0062 3488  [ C634D31CE1867DB1CCCBA339A9B651D4 ] \Device\Harddisk3\DR5\Partition1
18:42:06.0062 3488  \Device\Harddisk3\DR5\Partition1 - ok
18:42:06.0078 3488  [ 0AEA7893FDC5235FFF77EDDF8781D480 ] \Device\Harddisk4\DR7\Partition1
18:42:06.0078 3488  \Device\Harddisk4\DR7\Partition1 - ok
18:42:06.0093 3488  [ ED92458B7D65C8DB7F706FA72FF0ECD8 ] \Device\Harddisk5\DR8\Partition1
18:42:06.0093 3488  \Device\Harddisk5\DR8\Partition1 - ok
18:42:06.0093 3488  [ A2967C8A1E63EC5287A9A942C5795A96 ] \Device\Harddisk6\DR11\Partition1
18:42:06.0109 3488  \Device\Harddisk6\DR11\Partition1 - ok
18:42:06.0109 3488  [ B959E19F83651064F99C3A5743AAFEEC ] \Device\Harddisk7\DR12\Partition1
18:42:06.0109 3488  \Device\Harddisk7\DR12\Partition1 - ok
18:42:06.0125 3488  [ C103616F72F642697059308CFD13D840 ] \Device\Harddisk8\DR13\Partition1
18:42:06.0125 3488  \Device\Harddisk8\DR13\Partition1 - ok
18:42:06.0125 3488  ============================================================
18:42:06.0125 3488  Scan finished
18:42:06.0125 3488  ============================================================
18:42:06.0140 0432  Detected object count: 0
18:42:06.0140 0432  Actual detected object count: 0
 



#5 Hercules40


Posted 08 February 2013 - 08:12 PM

(3) ADWCleaner Results: It took forever for Firefox to LOAD....

 

 

 



# AdwCleaner v2.111 - Logfile created 02/08/2013 at 18:52:10
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mike - PAPAG06
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mike\My Documents\My Downloads\Anti-Spyware\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Mike\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Mike\My Documents\Software
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\IZArc\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-21-1645522239-764733703-1177238915-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\8uhqn06a.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\77xdcr2a.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://search.hotspotshield.com/g/results.php?c=s&q=");

File : C:\Documents and Settings\Lola\Application Data\Mozilla\Firefox\Profiles\j6samy5i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3327 octets] - [08/02/2013 18:52:10]

########## EOF - C:\AdwCleaner[S1].txt - [3387 octets] ##########
 



#6 boopme


Posted 08 February 2013 - 08:21 PM

Good though as there were infections in it.


Edited by boopme, 08 February 2013 - 08:21 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 Hercules40


Posted 08 February 2013 - 08:26 PM

ESET running now. Will supply results as soon as it finishes. Thanks boopme.

The HOSTS file entries (I went through all of them) are from Spybot, Search and Destroy. Should I remove them?

 

This USER: SUPPORT_388945a0 in my PC, where did it come from?

Should I delete?

Also, one other issue --- Microsoft WORD has a lot of trouble STARTING whenever I double-click it to launch it.


Edited by Hercules40, 08 February 2013 - 08:29 PM.


#8 boopme


Posted 08 February 2013 - 09:08 PM

ESET may take an hour or two. If I leave I will look back early.

 

USER: SUPPORT_388945a0

This account is used for the Help and Support Service; it's a built-in account. By default the account is disabled. The recommendation is to keep it disabled. I don't recommend deleting it, because in the future you may need it. Instead of that you can deny the logon of the account in the local security policies.

 

Those are Spybot's TeaTimer function. You can disable that or reset the Hosts or delete.

 

If you have an XP disc you can run

SFC
Please run SFC (System File Checker)
Please run System File Checker: sfc /scannow. For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC

Then click File, then New Task (Run)

In the box that opens type sfc /scannow (there is a space between c and /)

Click OK
Let it run and insert the CD when asked.



#9 Hercules40


Posted 08 February 2013 - 09:22 PM

ESET still running.

I expect you want me to run sfc after it finishes? I'll get my Windows CD ready. Thanks.

I forgot about the USER: SUPPORT_388945a0 user. Oh well. I'll leave it alone.

Did everything else look OK?



#10 boopme


Posted 08 February 2013 - 09:35 PM

Yes, after ESET.

Some things to update, but have to wait till all is done.



#11 Hercules40


Posted 08 February 2013 - 10:44 PM

Norton keeps trying to RUN while ESET is running. Can I disable it temporarily?



#12 Hercules40


Posted 09 February 2013 - 02:32 PM

ESET is still running after 18 hours. So far it has found over 42 problems. Right now it's stuck on checking an ISO of Slackware in an attached USB drive, and it has been checking this for the last 3+ hours. Could this be a problem? Should I wait for it to get out of the ISO?



#13 Hercules40


Posted 09 February 2013 - 03:49 PM

BSOD.

ESET was stuck checking an ISO of Slackware in USB drive H: (for over 4 hours). I thought it might be a connection issue, but as I "jiggled" the USB connector, I ended up with a BSOD.

I have now restarted the PC, deleted "Slackware" and restarted ESET.

Do I need to do anything else?


PS. Can I start a separate thread for cleaning the wife's laptop? Do the same steps apply, or a different methodology for it?



#14 boopme


Posted 09 February 2013 - 07:33 PM

Yes, start a new topic for that.

I would also like to run a quick scan with MBAM.

Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free) and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.

  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon (http://helpdesk.malwarebytes.org/entries/20872371-use-chameleon-to-run-malwarebytes-on-infected-systems) and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



#15 Hercules40


Posted 10 February 2013 - 01:59 PM

Amazing what you download when you don't know. Will run MBAM next. But last run I made it found nothing.

Results of ESET Scan after 20 Hours =

I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Orbit\OrbitDownloaderSetup4.1.1.13.exe    Win32/OpenCandy application    
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\RipBot264\RipBot264v1.17.1.7z    Win32/PrcView application    
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\RipBot264\RipBot264v1.17.1\Tools\Process\Process.exe    Win32/PrcView application    
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\YouTube\cnet2_Pazera_Free_FLV_to_AVI_Converter_exe.exe    a variant of Win32/InstallCore.D application    
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\YouTube\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application    
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\YouTube\FreeYouTubeDownloaderInstaller2.exe    a variant of Win32/Somoto.A application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\HSS-1.16-install-anchorfree-76-conduit.zip    a variant of Win32/HotSpotShield application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\MediaInfo_GUI_0.7.51_Windows_i386.exe    Win32/OpenCandy application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\MediaInfo_GUI_0.7.54_Windows_i386.exe    Win32/OpenCandy application    
I:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Any Video Converter Program\avc-free.exe    Win32/OpenCandy application    
I:\Seagate Backup\PAPAG06\History\Level3\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Any Video Converter Program\avc-free.exe    Win32/OpenCandy application    
J:\My Downloads\Video Processing Programs\D2S122B3.zip    Win32/PrcView application    
C:\Documents and Settings\Mike\My Documents\Downloads\OrbitDownloaderSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\Downloads\Pazera_Free_FLV_to_AVI_Converter.exe    Win32/InstallMonetizer.AF application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Anchor Free Proxy\HSS-1.16-install-anchorfree-76-conduit.zip    a variant of Win32/HotSpotShield application    deleted - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Codecs\cole2k.media.-.codec.pack.v7.9.1.-standard-.setup.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\PDF\InternationalPrimoPDF.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\PDF\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Softonic\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Any Video Converter Program\avc-free.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\AVS to DVD\AVStoDVD_251_Install.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\DailyMotion\cnet2_OrbitDownloaderSetup_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\DVD Video Soft\FreeStudio.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Format Factory\FFSetup295.zip    multiple threats    deleted - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Format Factory\FFSetup296.zip    multiple threats    deleted - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Format Factory\FFSetup295\FFSetup295.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Image Burn\SetupImgBurn_2.5.7.0(1).exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Image Burn\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Media Info\MediaInfo_GUI_0.7.51_Windows_i386.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Media Info\MediaInfo_GUI_0.7.54_Windows_i386.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Orbit\Brothersoft_downloader_For_Orbit_Downloader.exe    a variant of Win32/BSDownloader application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Orbit\OrbitDownloaderSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Orbit\OrbitDownloaderSetup4.1.1.13.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\RipBot264\RipBot264v1.17.1.7z    Win32/PrcView application    deleted - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\RipBot264\RipBot264v1.17.1\Tools\Process\Process.exe    Win32/PrcView application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\YouTube\cnet2_Pazera_Free_FLV_to_AVI_Converter_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\YouTube\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Documents and Settings\Mike\My Documents\My Downloads\Video Software\YouTube\FreeYouTubeDownloaderInstaller2.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Program Files\AVStoDVD\ImgBurn\SetupImgBurn_2.5.5.0.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\HSS-1.16-install-anchorfree-76-conduit.zip    a variant of Win32/HotSpotShield application    deleted - quarantined
G:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\History\Level2\C\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\Cache\9F1402CEd01    Win32/OpenCandy application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\History\Level2\C\Program Files\Hotspot Shield\bin\openvpnas.exe    a variant of Win32/HotSpotShield application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\History\Level3\C\Program Files\Hotspot Shield\bin\openvpnas.exe    a variant of Win32/HotSpotShield application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\History\Level4\C\Program Files\Hotspot Shield\bin\openvpnas.exe    a variant of Win32/HotSpotShield application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\History\Level5\C\Program Files\Hotspot Shield\bin\openvpnas.exe    a variant of Win32/HotSpotShield application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\My Documents 10-31-11\My Downloads\HSS-1.16-install-anchorfree-76-conduit.zip    a variant of Win32/HotSpotShield application    deleted - quarantined
G:\Seagate Backup\PAPAG06\My Documents 10-31-11\My Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\My Documents 10-31-11\My Downloads\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\My Documents 10-31-11\My Downloads\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
G:\Seagate Backup\PAPAG06\My Documents 11-1-11\My Downloads\GraboidVideoSetup-2.32-Complete.exe    Win32/Graboid application    cleaned by deleting - quarantined
H:\Programs\Program Downloads\Platinum Hide IP 3.0.5.2 Full.rar    a variant of Win32/Injector.TMC trojan    deleted - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\HSS-1.16-install-anchorfree-76-conduit.zip    a variant of Win32/HotSpotShield application    deleted - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\InternationalPrimoPDF.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\Codecs\cole2k.media.-.codec.pack.v7.9.1.-standard-.setup.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\Softonic\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
I:\Mike_Backup\2011-11-02_21-18-29\Memeo\2011-11-02_21-18-29\C_\Documents and Settings\Mike\My Documents\My Downloads\Video Software\MediaInfo_GUI_0.7.51_Windows_i386.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\Downloads\OrbitDownloaderSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\Downloads\Pazera_Free_FLV_to_AVI_Converter.exe    Win32/InstallMonetizer.AF application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Anchor Free Proxy\HSS-1.16-install-anchorfree-76-conduit.zip    a variant of Win32/HotSpotShield application    deleted - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Codecs\cole2k.media.-.codec.pack.v7.9.1.-standard-.setup.exe    Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\PDF\InternationalPrimoPDF.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\PDF\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Softonic\SoftonicDownloader_for_tvants.exe    a variant of Win32/SoftonicDownloader.A application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Any Video Converter Program\avc-free.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\AVS to DVD\AVStoDVD_251_Install.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\DailyMotion\cnet2_OrbitDownloaderSetup_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\DVD Video Soft\FreeStudio.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Format Factory\FFSetup295.zip    multiple threats    deleted - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Format Factory\FFSetup296.zip    multiple threats    deleted - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Format Factory\FFSetup295\FFSetup295.exe    multiple threats    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Image Burn\SetupImgBurn_2.5.7.0(1).exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Image Burn\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Media Info\MediaInfo_GUI_0.7.51_Windows_i386.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Media Info\MediaInfo_GUI_0.7.54_Windows_i386.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Orbit\Brothersoft_downloader_For_Orbit_Downloader.exe    a variant of Win32/BSDownloader application    cleaned by deleting - quarantined
I:\Seagate Backup\PAPAG06\C\Documents and Settings\Mike\My Documents\My Downloads\Video Software\Orbit\OrbitDownloaderSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
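
A triage sketch for a log in the three-column layout posted above (path, detection name, action), added here as an example; it is not part of the original posts and not ESET tooling. The sample lines are constructed with placeholder paths, and two readings are assumptions: a trailing "application" label is treated as a potentially unwanted program rather than malware, and an empty action column is treated as "reported but not removed".

```python
import re
from collections import Counter

# Constructed sample in the three-column layout of the log above. Paths are
# placeholders; the detection names are ones that appear in the posted log.
SAMPLE_LOG = r"""
X:\backup\downloads\setup_a.exe    Win32/OpenCandy application
C:\downloads\setup_b.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\downloads\bundle.zip    multiple threats    deleted - quarantined
X:\programs\tool.rar    a variant of Win32/Injector.TMC trojan    deleted - quarantined
"""

# Columns are separated by a tab or by a run of spaces; paths in such logs
# contain single spaces only, so two or more spaces is a safe separator.
FIELD_SEP = re.compile(r"\t|\s{2,}")
# "<optional 'a variant of '><Platform/Family> <type>", e.g. "Win32/X trojan"
DETECTION = re.compile(r"^(a variant of )?(\S+/\S+) (\w+)$")


def parse_line(line):
    """Split one log line into path, family, type and action (or None)."""
    fields = [f.strip() for f in FIELD_SEP.split(line) if f.strip()]
    if len(fields) < 2:
        return None  # blank or non-log line
    path, name = fields[0], fields[1]
    action = fields[2] if len(fields) > 2 else ""
    m = DETECTION.match(name)
    if m:
        variant, family, kind = bool(m.group(1)), m.group(2), m.group(3)
    else:
        # e.g. "multiple threats", reported for an archive with several hits
        variant, family, kind = False, name, "unknown"
    return {"path": path, "family": family, "kind": kind,
            "variant": variant, "action": action}


def triage(log_text):
    """Summarise a scan log so the entries needing attention stand out."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "by_kind": Counter(e["kind"] for e in entries),
        "by_family": Counter(e["family"] for e in entries),
        # Backups tend to repeat the same installers on several drives.
        "by_drive": Counter(e["path"][:2].upper() for e in entries),
        # Anything not labelled "application" (assumed PUP) or unclassified.
        "malware": [e for e in entries
                    if e["kind"] not in ("application", "unknown")],
        # Assumption: no action text means the file is still on disk.
        "still_present": [e for e in entries if not e["action"]],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_kind"]))
    for e in report["malware"]:
        print("malware:", e["family"], e["path"], "->", e["action"])
    for e in report["still_present"]:
        print("no action recorded:", e["family"], e["path"])
```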
 





